The Simplification of Digital Legislation(Digital Omnibus) is an initiative designed to reduce bureaucracy, regulatory complexity and administrative costs for EU companies, especially SMEs.
The EC wants to achieve simplification of EU digital rules mainly through:
The Digital Simplification Package is formally articulated through two main legislative procedures:
_
Overall, the European Commission is simplifying or adjusting three regulatory Pillars:
Data Act (Regulation (EU) 2023/2854).
Consolidates and modernizes the non-personal data framework. The objective is to create a “One Data Act” by merging and repealing four legal instruments (DGA, ODD, FFDR) into one to increase clarity.
Area | Simplification Measure | Implications |
Consolidation of Acquis | It repeals the Free Flow of Non-Personal Data Regulations (FFDR), the Data Governance Act (DGA) and the Open Data Directive (ODD), integrating their essential rules into the Data Act. | Increases legal clarity and consistency, reducing compliance costs. |
Data Intermediation Services (DISP) | The mandatory notification regime for DISP becomes voluntary and the legal separation requirement is eliminated (replaced by functional separation). | Promotes growth and lowers market entry barriers for DISPs. |
B2G Data Exchange | It limits and clarifies the scope of business-to-government (B2G) data sharing provisions to public emergency situations only. | Reduces legal ambiguity and burdens for companies previously subject to “exceptional need” requirements. |
Cloud Services Switching | It introduces a more flexible regime for custom-made data processing services and for services provided by SMEs and SMCs, if the contracts were concluded before September 12, 2025. | Smaller suppliers are allowed to include proportionate penalties for early termination in fixed-term contracts. |
Smart Contracts | Specific essential requirements for smart contracts executing data sharing agreements are eliminated (Article 36 of the Data Act). | Reduces regulatory complexity and uncertainty for innovators in blockchain and distributed log technology (DLT)-based solutions. |
GDPR (Regulation (EU) 2016/679) and NIS2/DORA.
Specific modifications to personal data protection and incident reporting. Aims to reduce compliance complexity and duplicate reporting. Addresses consent fatigue(cookies) and centralizes cyber incident reporting (Single Point of Entry).
Area | Simplification Measure | Business Implications/Benefits |
Cookie Policy | Cookie rules (currently in the ePrivacy Directive) are reformed and integrated into the GDPR framework. Banners are simplified with one-click consent options. | Alleviates “consent fatigue” and reduces compliance costs. Introduces a “white list” of low-risk purposes that do not require consent. |
Use of Data for AI | It clarifies that the processing of personal data for the development and operation of AI systems and models can be carried out for legitimate interest under the GDPR. It also allows exceptional processing of special categories of personal data for the detection and correction of bias. | It provides legal clarity for AI development and fosters reliable and non-discriminatory European AI innovation. |
Incident Notification | A Single Entry Point (SEP) managed by ENISA is introduced to simultaneously comply with incident reporting obligations. | It promotes the principle of “inform once, share with many”, reducing administrative burden and duplication. |
AI Act (Regulation (EU) 2024/1689).
Amendments aimed at the governance and implementation timelines of the AI Law. The aim is to ensure clear and innovation-friendly implementation, avoiding disproportionate costs by linking obligations to the availability of standards and centralizing the oversight of general purpose AI (GPAI).
Simplification Measure | Implications |
Extension of Privileges to SMCs | Certain regulatory simplifications granted to SMEs, such as simplified technical documentation and special consideration in penalties, are extended to SMCs. |
Alignment of Application Deadlines | It links the entry into application of high-risk standards to the availability of supporting tools, such as harmonized standards and guidelines. |
Centralization of Supervision | Centralizes the oversight of AI systems based on General Purpose AI (GPAI) models and AI systems integrated into Very Large Online Search Platforms/Engaging Engines (VLOPs/VLOSEs) in the Commission’s AI Office. |
AI Literacy Obligation | The general and non-specific obligation for operators to ensure a sufficient level of AI literacy for their staff is removed, replacing it with an obligation for the Commission and the Member States to promote such measures. |
AI Systems Registration | The obligation to register in the EU database for AI system providers that are exempt from high-risk classification is eliminated. |
Innovation and Testing | Expanded use of regulatory sandboxes and real-world testing to benefit more innovators, including an EU-wide sandbox from 2028. |
EUROPEAN COMMISSION. Press Release (Nov 19, 2025) Simpler EU digital rules and new digital wallets to save billions for businesses and boost innovation.
https://ec.europa.eu/commission/presscorner/detail/en/ip_25_2718